@sleevi_ Does Chrome outright reject redacted certificates at the moment? Is there a place/page where this is documented/explained?
-
-
Well, in my experience with PKI, it’s not a requirement for something to be specified to work in practice. And the opposite happens to, specified things often don’t work.
-
TLS clients need explicit support for redaction because of how SCT signatures work. Without explicit support, the SCT will have an invalid signature. No different than if you tried to use a http://yahoo.com SCT with a http://google.com cert.
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.